Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 2.0.5 vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2021-36878
Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing plugin (versions <= 2.0.5) makes it possible for malicious users to update settings.
Stylemixthemes Ulisting
4.3
CVSSv2
CVE-2021-36877
Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing plugin (versions <= 2.0.5) makes it possible for malicious users to modify user roles.
Stylemixthemes Ulisting
6.8
CVSSv2
CVE-2021-36876
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in WordPress uListing plugin (versions <= 2.0.5) as it lacks CSRF checks on plugin administration pages.
Stylemixthemes Ulisting
3.5
CVSSv2
CVE-2021-36875
Authenticated Reflected Cross-Site Scripting (XSS) vulnerability in WordPress uListing plugin (versions <= 2.0.5). Vulnerable parameters: &filter[id], &filter[user], &filter[expired_date], &filter[created_date], &filter[updated_date].
Stylemixthemes Ulisting
NA
CVE-2022-40205
Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as solved/unsolved.
Gvectors Wpforo Forum
NA
CVE-2022-40206
Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as private/public.
Gvectors Wpforo Forum
4.3
CVSSv2
CVE-2015-9505
The Easy Digital Downloads (EDD) core component 1.8.x prior to 1.8.7, 1.9.x prior to 1.9.10, 2.0.x prior to 2.0.5, 2.1.x prior to 2.1.11, 2.2.x prior to 2.2.9, and 2.3.x prior to 2.3.7 for WordPress has XSS because add_query_arg is misused.
Sandhillsdev Easy Digital Downloads
4.3
CVSSv2
CVE-2021-24941
The Popups, Welcome Bar, Optins and Lead Generation Plugin WordPress plugin prior to 2.0.5 does not sanitise and escape the message_id parameter of the get_message_action_row AJAX action before outputting it back in an attribute, leading to a reflected Cross-Site Scripting issue
Icegram Icegram
7.5
CVSSv2
CVE-2019-6703
Incorrect access control in migla_ajax_functions.php in the Calmar Webmedia Total Donations plugin up to and including 2.0.5 for WordPress allows unauthenticated malicious users to update arbitrary WordPress option values, leading to site takeover. These attackers can send reques...
Calmar-webmedia Total Donations
4.3
CVSSv2
CVE-2015-9532
The Easy Digital Downloads (EDD) Digital Store theme for WordPress, as used with EDD 1.8.x prior to 1.8.7, 1.9.x prior to 1.9.10, 2.0.x prior to 2.0.5, 2.1.x prior to 2.1.11, 2.2.x prior to 2.2.9, and 2.3.x prior to 2.3.7, has XSS because add_query_arg is misused.
Sandhillsdev Easy Digital Downloads
Easydigitaldownloads Digital Store -
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-26978
CVE-2024-26982
wireless
CVE-2023-6949
CVE-2024-26980
CVE-2024-32766
CVE-2024-26939
cache poisoning
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »